﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using MShop.Core.Service.Membership;
using MShop.Core.Util;


namespace MShop.Web.Components.Filters
{
   
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method,Inherited=true, AllowMultiple=false)]
    public class PowerAuthonize:System.Web.Mvc.FilterAttribute,IAuthorizationFilter
    {
       
        private readonly IRoleService _RoleService;

        public PowerAuthonize(IRoleService roleService)
        {
            _RoleService = roleService;
        }

        public PowerAuthonize()
            : this(IoC.Resolve<IRoleService>())
        {
            
        }

        #region IAuthorizationFilter Members

        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("AuthorizationContext");
            }

            if (AuthorizeCore(filterContext.HttpContext))
            {
                HttpCachePolicyBase cachepolicy = filterContext.HttpContext.Response.Cache;
                cachepolicy.SetProxyMaxAge(new TimeSpan(0L));

                cachepolicy.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
            }
            else
            {
                HandlerUnAuthorizedRequest(filterContext);
            }
        }

        #endregion


        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
        {
            validationStatus = this.OnCacheAuthorization(new HttpContextWrapper(context));
        }

        protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("HttpContextBase");
            }
            if (!this.AuthorizeCore(httpContext))
            {
                return HttpValidationStatus.IgnoreThisRequest;
            }
            return HttpValidationStatus.Valid;
        }

        protected virtual bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (!httpContext.User.Identity.IsAuthenticated)
            {
                return false;
            }
            System.Security.Principal.IPrincipal principal = httpContext.User;

            var powerroles = _RoleService.FindPowerRoles();
            bool result = false;
            powerroles.ToList().ForEach(x => {
                if (principal.IsInRole(x.RoleName))
                {
                    result= true;
                   
                }
            });
            return result;
 
        }

        protected virtual void HandlerUnAuthorizedRequest(AuthorizationContext filterContent)
        {
            filterContent.Result = new HttpUnauthorizedResult();
        }

      

        
 

    }
}